Hearing #9 on Competition and Consumer Protection in the ......Dec 11, 2018 · Slide deck from FTC...
Hearing #9 on Competition and Consumer Protection in the 21st Century
Constitution Center
December 11, 2018
Welcome We Will Be Starting Shortly
Welcome and Introductory Remarks
Elisa Jillson
Federal Trade Commission
Division of Privacy and Identity Protection
Opening Remarks
Andrew Smith
Federal Trade Commission
Bureau of Consumer Protection
Presentations on Data Breaches
2018 Data Breach Investigations Report
Marc Spitler
Strategic News Bundling and Privacy Breach Disclosures
Sebastien Gay
2018 Identity Fraud: Fraud Enters a New Era of Complexity
Al Pascual
Moderators: Jared Ho, Marc Luppino
2018 Data Breach Investigations Report
Facts versus opinions.
DBIR is based on analysis of real world security incidents and confirmed data breaches.
Information is supplied by 67 partners in the latest edition, covering 1000s of companies in 65 countries.
• 11th edition: 2,216 breaches, 53,308 incidents
• Last 5 years: 9,900 breaches, 302,802 incidents
• Corpus: 16k+ breaches, 330k+ incidents
Show me the money.
The motive behind most breaches is money.
Ransomware
If you ever want to see your precious data again…
We hate being right – back in 2013 we said: “[This may] blossom as an effective tool of choice for online criminals”
• Doubled again this year after having doubled last year.
• Responsible for 39% of all malware related breaches.
• Ransomware accounts for 85% of all malware in Healthcare.
Social Engineering
We’re only human
Phishing and pretexting represent 98% of social incidents and 93% of breaches.
Vertical differences
The table shows how different the breakouts of actors, motives, tactics, and attack patterns look across industries. Some industries handle significant amounts of payment card data, some have databases full to the brim with personally identifiable information (PII), some protect classified information and some are lucky enough to do all of the above.
Threat Action Varieties
• Denial of Service attacks are common across numerous industries for incidents.
• Use of stolen creds and social attack related breaches plague several verticals.
• Privilege Abuse rampant in Public and Healthcare.
Questions?
www.verizonenterprise.com/DBIR
Strategic News Bundling and Privacy Breach Disclosures
Sebastien Gay
2018 Identity Fraud Study
Fraud Enters a New Era of Complexity
Javelin Strategy & Research
It was a year for the record books
2017 Stood Out as Fraud Became More Pervasive Than Ever and Consumers’ Most Sensitive PII Was Compromised as Never Before
• $16.8 billion: Total fraud losses at highest point in past four years
• 35%: Proportion of breach victims whose SSN was compromised
• 6.52%: Record high identity fraud incidence in 2017
Source: Javelin Strategy & Research, 2018
Victims Spent More of Their Own Money Resolving Cases of Identity Fraud in 2017
Out-of-pocket costs for victims of identity fraud, 2015-2017
Nearly A Third of Consumers Hit By Data Breach in 2017, Many Not for the First Time
Consumers’ Data Breach Status (2016-2017)
The Equifax Breach Sent Consumers Scrambling for Information Wherever They Could Find It
Google news search interest in “data breach” (January 2013 to December 2017)
Cynicism Regarding Breach Notifications Understandably Jumped
Agreement with: “Data breach notifications merely help organizations to save face or meet legal requirements, and do little to protect me”
Concern About Fraud Also Rose Considerably in 2017
Consumers concerned about identity fraud, 2016-2017
Data Breach-Fraud Connection Loosened as the Breach Population Grew and Fraud Evolved
Fraud incidence by breach notification status, 2015-2017
Account Takeovers Incidence and Losses Have More Than Tripled in the Past Three Years
Account takeover incidence and losses, 2015-2017
A High in New Account Fraud Victims Isn’t Accompanied by A Similar Rise in Losses
New Account Fraud Incidence and Losses, 2015-2017
EAF Victims are Experiencing More Complete Impersonation as Fraudsters Close the Loop
Millions of EAF victims with fraudulent intermediary accounts opened, 2015-2017
Presentations on Data Breaches
Panel Discussion: Marc Spitler, Sebastien Gay, Al Pascual
Moderators: Jared Ho, Marc Luppino
Lunch Break
11:45 am-1:00 pm
Incentives to Invest in Data Security
Panel Discussion: Lawrence A. Gordon, Matthew P. McCabe, Tyler Moore, Sasha Romanosky, Matthew Sharp
Moderators: Elisa Jillson, Mike LeGower
Incentives
• Customer Trust
• Reputation
• Ex Ante Compliance
• Ex Post Liability
• Customer Demand
• Competitive Advantage
• Cost Reduction
• Cyber Insurance Coverage
Gordon-Loeb Model for Cybersecurity Investments*
[Figure: horizontal axis, level of investment in information security, $z$, with $z^*$ and $vL$ marked; vertical axis, dollars, with $vL$ marked. Curves: expected benefits of investment, $(v - S[z,v])L$, and costs of investment (the 45° line).]
$z^*(v) < \frac{1}{e} vL$
Notation:
• $v$: Vulnerability (probability of security breach)
• $L$: Potential loss
• $vL$: Expected loss
• $z$: Level of investment
• $z^*$: Optimal investment level
• $S[z, v]$: Revised $v$ after $z$ (revised probability of breach)
Benefits are increasing at a decreasing rate.
100% security is not possible.
BBB Recommends the Gordon-Loeb Model
2017 U.S. Better Business Bureau (BBB) report recommends the Gordon-Loeb Model as "...a useful guide for organizations trying to find the right level of cybersecurity investment."
Benefits and Costs of an Investment in Cyber/Information Security*
*Gordon, L.A. and M.P. Loeb, “The Economics of Information Security Investment,” ACM Transactions on Information and System Security, November 2002.
**Gordon, L.A., M.P. Loeb, and L. Zhou, “Investing in Cybersecurity: Insights from the Gordon-Loeb Model,” Journal of Information Security, March 2016.
Optimal Investment Example**
YouTube Video explaining the Gordon-Loeb Model: https://www.youtube.com/watch?v=cd8dT0FuqQ4
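A worked instance of the Gordon-Loeb bound on this slide (optimal investment stays below 1/e of the expected loss vL), added here as an illustration and not taken from the slides or the cited papers. It assumes the class-one breach probability function S(z, v) = v/(αz + 1)^β from Gordon and Loeb (2002); the values of L, α and β are constructed.

```python
"""Gordon-Loeb optimal investment, worked numerically (added illustration).

Assumptions not on the slide: the class-one breach probability function
S(z, v) = v / (alpha*z + 1)**beta from Gordon and Loeb (2002), and the
constructed values of L, alpha and beta used below.
"""
import math


def breach_probability(z, v, alpha, beta):
    """S[z, v]: revised probability of breach after investing z."""
    return v / (alpha * z + 1.0) ** beta


def expected_net_benefit(z, v, loss, alpha, beta):
    """Expected benefits (v - S[z, v]) * L minus the cost of investment z."""
    return (v - breach_probability(z, v, alpha, beta)) * loss - z


def optimal_investment(v, loss, alpha, beta):
    """Closed-form z* from the first-order condition
    v * L * alpha * beta * (alpha*z + 1) ** -(beta + 1) = 1.
    Returns 0 when the first dollar invested saves less than a dollar.
    """
    marginal_at_zero = v * loss * alpha * beta
    if marginal_at_zero <= 1.0:
        return 0.0
    return (marginal_at_zero ** (1.0 / (beta + 1.0)) - 1.0) / alpha


def grid_optimum(v, loss, alpha, beta, steps=200_000):
    """Independent check: brute-force search for z* over [0, vL]."""
    upper = v * loss
    best_z, best_value = 0.0, 0.0
    for i in range(1, steps + 1):
        z = upper * i / steps
        value = expected_net_benefit(z, v, loss, alpha, beta)
        if value > best_value:
            best_z, best_value = z, value
    return best_z


def investment_table(loss, alpha, beta, vulnerabilities):
    """Rows of (v, vL, z*, z*/vL) for each vulnerability level."""
    rows = []
    for v in vulnerabilities:
        expected_loss = v * loss
        z_star = optimal_investment(v, loss, alpha, beta)
        rows.append((v, expected_loss, z_star, z_star / expected_loss))
    return rows


# Constructed parameters: potential loss of $10M and a moderately
# productive security spend (alpha, beta are illustrative only).
LOSS, ALPHA, BETA = 10_000_000.0, 1e-5, 1.0
VULNERABILITIES = (0.005, 0.04, 0.1, 0.5, 0.9)

if __name__ == "__main__":
    print(f"bound: z* < vL/e, i.e. z*/vL < {1 / math.e:.4f}")
    for v, exp_loss, z_star, ratio in investment_table(
            LOSS, ALPHA, BETA, VULNERABILITIES):
        print(f"v={v:<5} vL=${exp_loss:>12,.0f}  z*=${z_star:>10,.0f}  "
              f"z*/vL={ratio:.3f}")
```

Among the listed vulnerability levels the ratio z*/vL is highest at v = 0.04 (0.25) and is zero at v = 0.005, where the first dollar of spend saves less than a dollar.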
Incentives to Increase Cybersecurity Investments in Private Sector Firms*
Why Are Cybersecurity Investments So Difficult to Justify in Private Sector Firms?
• They are primarily cost savings projects rather than revenue generating projects (and savings can’t be observed)
• Costs of breaches are largely implicit (reputation & liability) vs. Explicit costs (detecting & correcting breaches)
• Most breaches impact earnings and stock prices in the short-run, but not long-run (customers & stockholders have become tolerant of breaches)
• The risk (uncertainty) of breaches can’t be measured precisely & investments are largely irreversible. Wait & see approach may be rational (deferment option)
• Externalities are important, but hard to justify
Government Regulations/Incentives Could Result in Less Cybersecurity
Pre-regulation Security Level 1, Security Budget: $B_1 = P_X x_1 + P_Y y_1$
Post-regulation Security Level R, Security Budget: $B_R = P_X x_R + P_Y y_R$
$B_R = B_1$
Regulation forcing security input $x_1$ to increase to $x_R$ results in a decrease in the level of security, if total level of spending (i.e., security budget, $B_1$) remains fixed and the firm was utilizing the optimal mix of inputs prior to the regulation.
[Figure: vertical axis, Level of Security Activity Y; horizontal axis, Level of Security Activity X. Labels: budget line $B_1$; curves ISOSEC1 and ISOSECR; points $x_1$, $x_R$, $y_1$, $y_R$. ISOSEC: the same quantity of security is achieved while changing inputs.]
Government Regulations/Incentives Could Result in More Cybersecurity
Regulation forcing security input $x_1$ to increase to $x_R$ results in an increase in the level of security, if total level of security spending increases from $B_1$ to $B_R$, providing Y inputs are not reduced. The mix of inputs may not be optimal, as shown below ($B_R = P_X x_R + P_Y y_R$). However, the mix could be optimal, as shown above ($B_R = P_X x^* + P_Y y^*$).
[Figure: vertical axis, Level of Security Activity Y; horizontal axis, Level of Security Input X. Labels: budget lines B1 and BR; curves ISOSEC1, ISOSECT, ISOSECR and ISOSEC*; points $x_1$, $x_R$, $x^*$, $y_1$, $y_R$, $y^*$.]
Insights and Results from Gordon, Loeb, Lucyshyn & Zhou Research
Government incentives/regulations affect cybersecurity investments in private sector firms depending on:
1. Firm’s cybersecurity budget is fixed or increases
2. Firm is utilizing the optimal mix of inputs
• Fixed budget/opt mix -- incent/reg: security ↓
• Fixed budget/non-opt mix -- incent/reg: security ↑↓
• Increased budget -- incent/reg: security ↑
*Gordon, L.A., M.P. Loeb, W. Lucyshyn, and L. Zhou, “Increasing Cybersecurity Investments in Private Sector Firms,” Journal of Cybersecurity, Vol. 1, No. 1, 2015.
In 2016, NSA awarded this paper Honorable Mention for its contribution to the scientific cybersecurity literature.
Who provides (or should provide) incentives to invest in data security?
A. Culture – security professionals, executives, boards
B. Customers / consumers
C. Cyber insurance
D. Law – state statutes, data breach litigation, federal agencies, etc.
E. Other
Incentives to Invest in Data Security
Panel Discussion: Lawrence A. Gordon, Matthew P. McCabe, Tyler Moore, Sasha Romanosky, Matthew Sharp
Moderators: Elisa Jillson, Mike LeGower
Break
2:30-2:45 pm
Consumer Demand for Data Security
Panel Discussion: Justin Brookman, Michael Higgins, Wiley Hodges, Kirsten Martin, Rick Wash
Moderators: Jared Ho, Marc Luppino
Consumer Reports by the numbers
Key security elements evaluated
• Use of encryption
• Commitment to support period
• Resistance to attacks
• Password rules
• Vulnerability disclosure program
• Security oversight
• Automatic/push updates
• Multifactor authentication
• Best build practices
• Reliance on 3P content or libraries
• Out-of-band notice of changes
• Updates authenticated
Goals
• More information to marketplace
• Empower consumers to make security-conscious choices
• Provide accountability for poor security practices
• Push companies toward stronger security
Security testing challenges
• Public documentation often lacking
• Lack of initial visibility into update frequency and quality
• Black box/server-side difficult/impossible to test
• Difficult to adapt and scale suite of tests to broad range of consumer products
• Score subjectivity
• How to assess patched vulnerabilities
• Practices can change with little discoverability
Limitations on demand-driven approach
• Externalities not felt by consumers
• Difficulty in assessing security risks
• Testing provides imperfect information
• Attribution difficult and delayed
• Need for legal baseline security requirements
How important is perceived security to consumers making purchasing decisions?
A. Important, but they expect the firm to be responsible for security.
B. Important, and they understand that security is a shared responsibility between themselves and the firm.
C. Moderately important, and they expect firms to be responsible for security
D. Moderately important, and they understand it’s a shared responsibility.
E. Not important, because consumers don’t expect security.
F. Other
Trade-offs
Cost
Productivity
Usability
Functionality
Latency
Other
Consumer Demand for Data Security
Panel Discussion: Justin Brookman, Michael Higgins, Wiley Hodges, Kirsten Martin, Rick Wash
Moderators: Jared Ho, Marc Luppino
Closing Remarks
Jim Trilling
Federal Trade Commission
Division of Privacy and Identity Protection
Thank You, Join Us Tomorrow